Struggling with database/user/acl permissions.

[Gino Borland]

First, I love appery, it's very cool. Thanks. I've enjoyed building my first apps. My current app "Express Who's Next" works great on my devices and I'm very happy.

That said, it's not working for my test users. I'm stuck and not sure how to debug it. I've certainly tried before asking for help.

It's a brand new web app (not ios or android).
The published app is here: http://whosnext.app.appery.io
The editor link is here: http://appery.io/app/project/5b66e0de...
I've shared both the app and the database with support.

Symptom: my two new test users either can't add a new record (hitting the Save button in FriendsDetail doesn't work--stays on same page and doesn't add a record to the database), or can't query their database (the FriendsMaster list is empty, even though they used to be able to add a friend).

Everything works fine for me, as the developer (of course =).

Suspected Problem: I assume it has to do with ACL, which I admit I'm no expert on.

More background info:

1. First, I started with the "App Creator Express" tutorial as my base.

2. Then I integrated "Using the Auth0 plugin for simple identity management". All was working very well, except all users could see all other users database records. I didn't want this.

3. So I searched a ton and found "Building a mobile app with user registration". In particular:

   "Then, open Security and permissions tab, check “Secure collection” box and save.

   After that, open Change default ACL tab. A new window opens where you have to choose “@Creator” as a Username. "

4. I did that, but still, all users could see all users records... so I looked again and noticed I missed this subtle, but important, line:

   "Then open the MerchandiseDB_Merchandise_create_service and delete an acl request parameter. ...". I assume it's because it has a '*' for all users that overrides.

5. It was a scary idea to delete the acl in the request parameter, but I did it anyway and voila! it worked: users could now only see their own database records. Happy, happy, joy, joy.

6. All seemed well, but now, new users can't create or list any database records. It still works on my account, but not the new users. They use mobile phones, so I don't know how to debug it (can't use console.log).

   I feel stuck and not sure what to try next.

   Any pointers?

   Thanks.

   Gino

[Illya Stepanov]

Hi Gino -

Thanks for your feedback!

We will take a closer look and look for the appropriate solution for your case.

[Gino Borland]

Thanks Illya.

Update: Now the problem is occurring with me (as well as my two test users). This allows me to debug a bit further.

Here's screen shot of the error message from the console:

From here: https://devcenter.appery.io/documenta...
It looks like a "400 DBUG002 Invalid session token specified."

I assume the session token is mapped from storage, here:

And it's originally mapped from Auth0 service to storage, here:

Even with more info, I'm still feeling stuck.

Thanks for any pointers.

Gino

[Gino Borland]

Just to get unstuck, I tried a few more things:
Exported the Friends database. Deleted all rows. Imported the Friends database.
Tried again, no luck.
Desperately, de-selected "Secure collection" from Security and Permissions. Tried again, no luck.
Added "All Users" to Change Default ACL. Tried again, no luck.
Closed app. Reloaded. No luck. Refreshed browser, tried again and it worked!?
Tried on two test users, didn't work until refreshed browser, clicked back twice. Logged again and refreshed. Odd.
Decided to reset "Secure collection" and Default ACL back to only @Creator.
Still seems to be working.

I'm still confused, but I'm currently un-stuck and can keep developing.

[pixel]

I have the same issue, on a note task app, the user loggs in and see the notes of other people...

[Serhii Kulibaba]

Hello,

Please see the answer here: https://getsatisfaction.com/apperyio/...